kyrsjo, posted 24 November 2004 (edited)
Oh yes. The so often mentioned LDAP server has been set up, and it is running after a fashion. But *SOMETHING* is wrong! When I try to create a user via directory administrator, I get "object class violation". Creating one via phpldapadmin works fine, but when I try to log in to the account, I am told that the user does not exist... An attempt to switch the server to "the old server" gave immediate success. But that wasn't reaaally the point... Good grief! That this can be so hard! Have googled far too much.. whatever I do, IT DOESN'T WORK!!!! ARGH!!!! *frustrated* *last word to get past the stupid "at least 3 words in topic"*
Edited 26 November 2004 by kyrsjo
kyrsjo (author), posted 24 November 2004
Signed up for the openldap "users" mailing list. Hope they can help
zyp, posted 24 November 2004
You could have written "Trouble with LDAP", you know. What versions are on the two servers?
kyrsjo (author), posted 24 November 2004
*will check tomorrow* the old server that works is, I think, running an (old) CVS version... The new server got its one via apt from debian sarge.
kyrsjo (author), posted 25 November 2004
Old server (works): 2.0.23-6.3 (at least according to dpkg)
New server (doesn't work so well): 2.1.30-3

Config file, old server:

# This is the main ldapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd.args

# Where to store the replica logs
replogfile /var/lib/ldap/replog

# Read slapd.conf(5) for possible values
loglevel 0

#######################################################################
# ldbm database definitions
#######################################################################

#backend lbdm
# The backend type, ldbm, is the default standard
database ldbm

# The base of your directory
suffix "dc=valler,dc=vgs,dc=no"

# Where the database file are physically stored
directory "/var/lib/ldap"

# Indexing options
index objectClass eq

# Save the time that the entry gets modified
lastmod on

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
access to attribute=userPassword
        by dn="Manager" write
        by dn="kyrre" write
        by dn="krikkert" write
        by dn="lars" write
        by anonymous auth
        by self write
        by * none

access to attribute=mail
        by dn="kyrre" write
        by dn="krikkert" write
        by dn="lars" write
        by dn="Manager" write
        by self write
        by * none

# The admin dn has full write access
access to *
        by dn="Manager" write
        by dn="kyrre" write
        by dn="krikkert" write
        by dn="lars" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
access to dn=".*,ou=Roaming,o=morsnet"
        by dn="Manager" write
        by dnattr=owner write

#rootdn "cn=Manager,o=Admin,dc=valler,dc=vgs,dc=no"
#rootpw *unencrypted-unused-old-root-pw*

The new server, fairly standard configuration:

# Allow LDAPv2 binds
allow bind_v2

# This is the main slapd configuration file. See slapd.conf(5) for more
# info on the configuration options.

#######################################################################
# Global Directives:

# Features to permit
#allow bind_v2

# Schema and objectClass definitions
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema

# Schema check allows for forcing entries to
# match schemas for their objectClasses's
schemacheck on

# Where the pid file is put. The init.d script
# will not stop the server if you change this.
pidfile /var/run/slapd/slapd.pid

# List of arguments that were passed to the server
argsfile /var/run/slapd.args

# Read slapd.conf(5) for possible values
loglevel 0

# Where the dynamically loaded modules are stored
modulepath /usr/lib/ldap
moduleload back_bdb

#######################################################################
# Specific Backend Directives for bdb:
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
backend bdb

#######################################################################
# Specific Backend Directives for 'other':
# Backend specific directives apply to this backend until another
# 'backend' directive occurs
#backend <other>

#######################################################################
# Specific Directives for database #1, of type bdb:
# Database specific directives apply to this database until another
# 'database' directive occurs
database bdb

# The base of your directory in database #1
suffix "dc=valler,dc=vgs,dc=no"

# Where the database file are physically stored for database #1
directory "/var/lib/ldap"

# Indexing options for database #1
index objectClass eq

# Save the time that the entry gets modified, for database #1
lastmod on

# Where to store the replica logs for database #1
# replogfile /var/lib/ldap/replog

# The userPassword by default can be changed
# by the entry owning it if they are authenticated.
# Others should not be able to see it, except the
# admin entry below
# These access lines apply to database #1 only
access to attribute=userPassword
        by dn="cn=admin,dc=valler,dc=vgs,dc=no" write
        by anonymous auth
        by self write
        by * none

# Ensure read access to the base for things like
# supportedSASLMechanisms. Without this you may
# have problems with SASL not knowing what
# mechanisms are available and the like.
# Note that this is covered by the 'access to *'
# ACL below too but if you change that as people
# are wont to do you'll still need this if you
# want SASL (and possible other things) to work
# happily.
access to dn.base="" by * read

# The admin dn has full write access, everyone else
# can read everything.
access to *
        by dn="cn=admin,dc=valler,dc=vgs,dc=no" write
        by * read

# For Netscape Roaming support, each user gets a roaming
# profile for which they have write access to
#access to dn=".*,ou=Roaming,o=morsnet"
# by dn="cn=admin,dc=valler,dc=vgs,dc=no" write
# by dnattr=owner write

#######################################################################
# Specific Directives for database #2, of type 'other' (can be bdb too):
# Database specific directives apply to this database until another
# 'database' directive occurs
#database <other>

# The base of your directory for database #2
#suffix "dc=debian,dc=org"

A slapcat from the new server:

dn: dc=valler,dc=vgs,dc=no
objectClass: top
objectClass: dcObject
objectClass: organization
o: valler.vgs.no
dc: valler
structuralObjectClass: organization
entryUUID: 7f169124-c5ad-1028-825c-c707c8a035c2
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20041108083949Z
modifyTimestamp: 20041108083949Z
entryCSN: 2004110808:39:49Z#0x0001#0#0000

dn: cn=admin,dc=valler,dc=vgs,dc=no
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword:: e*removedremoved*WG8=
structuralObjectClass: organizationalRole
entryUUID: 7f2190d8-c5ad-1028-825d-c707c8a035c2
creatorsName: cn=anonymous
modifiersName: cn=anonymous
createTimestamp: 20041108083949Z
modifyTimestamp: 20041108083949Z
entryCSN: 2004110808:39:49Z#0x0002#0#0000

dn: ou=People,dc=valler,dc=vgs,dc=no
ou: People
objectClass: top
objectClass: organizationalUnit
structuralObjectClass: organizationalUnit
entryUUID: 6f64f7d8-c8fb-1028-8823-ca59c3d35cee
creatorsName: cn=admin,dc=valler,dc=vgs,dc=no
createTimestamp: 20041112133517Z
entryCSN: 2004111213:35:17Z#0x0001#0#0000
modifiersName: cn=admin,dc=valler,dc=vgs,dc=no
modifyTimestamp: 20041112133517Z

dn: cn=users,ou=People,dc=valler,dc=vgs,dc=no
objectClass: top
objectClass: posixGroup
cn: users
gidNumber: 500
structuralObjectClass: posixGroup
entryUUID: 5e9ba994-cbf1-1028-8824-ca59c3d35cee
creatorsName: cn=admin,dc=valler,dc=vgs,dc=no
createTimestamp: 20041116080047Z
entryCSN: 2004111608:00:47Z#0x0001#0#0000
modifiersName: cn=admin,dc=valler,dc=vgs,dc=no
modifyTimestamp: 20041116080047Z

dn: cn=laerere,ou=People,dc=valler,dc=vgs,dc=no
objectClass: top
objectClass: posixGroup
cn:: bGFlcmVyZSA=
gidNumber: 501
structuralObjectClass: posixGroup
entryUUID: 96a31d46-cbff-1028-8825-ca59c3d35cee
creatorsName: cn=admin,dc=valler,dc=vgs,dc=no
createTimestamp: 20041116094234Z
entryCSN: 2004111609:42:34Z#0x0001#0#0000
modifiersName: cn=admin,dc=valler,dc=vgs,dc=no
modifyTimestamp: 20041116094234Z

dn: cn=elever,ou=People,dc=valler,dc=vgs,dc=no
objectClass: top
objectClass: posixGroup
cn: elever
gidNumber: 502
structuralObjectClass: posixGroup
entryUUID: a22d63f6-cbff-1028-8826-ca59c3d35cee
creatorsName: cn=admin,dc=valler,dc=vgs,dc=no
createTimestamp: 20041116094254Z
entryCSN: 2004111609:42:54Z#0x0001#0#0000
modifiersName: cn=admin,dc=valler,dc=vgs,dc=no
modifyTimestamp: 20041116094254Z

dn: cn=admin,ou=People,dc=valler,dc=vgs,dc=no
objectClass: top
objectClass: posixGroup
cn: admin
gidNumber: 503
structuralObjectClass: posixGroup
entryUUID: a9cd9d4c-cbff-1028-8827-ca59c3d35cee
creatorsName: cn=admin,dc=valler,dc=vgs,dc=no
createTimestamp: 20041116094306Z
entryCSN: 2004111609:43:06Z#0x0001#0#0000
modifiersName: cn=admin,dc=valler,dc=vgs,dc=no
modifyTimestamp: 20041116094306Z

dn: uid=kyrre,ou=People,dc=valler,dc=vgs,dc=no
uid: kyrre
cn: Kyrre
sn:: U2rDuGLDpms=
loginShell: /bin/bash
uidNumber: 600
gidNumber: 500
homeDirectory: /home/kyrre
shadowMin: -1
shadowMax: 999999
shadowWarning: 7
shadowInactive: -1
shadowExpire: -1
shadowFlag: 0
objectClass: top
objectClass: person
objectClass: posixAccount
objectClass: shadowAccount
structuralObjectClass: person
entryUUID: 0fca7048-cc00-1028-8828-ca59c3d35cee
creatorsName: cn=admin,dc=valler,dc=vgs,dc=no
createTimestamp: 20041116094558Z
userPassword::*looks encrypted*
entryCSN: 2004112414:26:17Z#0x0001#0#0000
modifiersName: cn=admin,dc=valler,dc=vgs,dc=no
modifyTimestamp: 20041124142617Z

Anyone with a *working* LDAP server who can do a diff on slapcat, and who can PLEASE take a look at this? I am desperate!
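
Added example, not part of the original thread and not OpenLDAP code: a small Python checker for slapcat-style LDIF that reports missing MUST attributes (one cause of "object class violation" when schemacheck is on) for person, posixAccount and posixGroup, and flags base64-encoded values that decode with leading or trailing whitespace. The sample entries and the example.org suffix are constructed; only the cn:: value is copied from the dump above.

```python
import base64
# MUST attributes per object class (core.schema, nis.schema), keyed in lower case.
MUST = {
    "person": ("sn", "cn"),
    "posixaccount": ("cn", "uid", "uidNumber", "gidNumber", "homeDirectory"),
    "posixgroup": ("cn", "gidNumber"),
}

# Constructed slapcat-style sample; only the cn:: value is taken from the post.
SAMPLE = """\
dn: uid=kari,ou=People,dc=example,dc=org
objectClass: person
objectClass: posixAccount
uid: kari
cn: Kari
uidNumber: 602
gidNumber: 500

dn: cn=laerere,ou=People,dc=example,dc=org
objectClass: posixGroup
cn:: bGFlcmVyZSA=
gidNumber: 501
"""

def parse_ldif(text):
    """Yield (dn, {lower-cased attr: [values]}), decoding 'attr:: base64' values."""
    for block in text.replace("\n ", "").strip().split("\n\n"):  # unfold, then split
        attrs = {}
        for line in block.splitlines():
            name, _, rest = line.partition(":")
            value = rest.lstrip(":").strip()
            if rest.startswith(":"):  # 'attr:: ...' marks a base64-encoded value
                value = base64.b64decode(value).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value)
        yield attrs["dn"][0], attrs

def check(entries):
    """Return (dn, problem) pairs: missing MUST attributes, whitespace-padded values."""
    findings = []
    for dn, attrs in entries:
        for oc in attrs.get("objectclass", []):
            findings += [(dn, f"{oc} requires {need}")
                         for need in MUST.get(oc.lower(), ()) if need.lower() not in attrs]
        findings += [(dn, f"{name} value has leading or trailing whitespace")
                     for name, values in attrs.items() if any(v != v.strip() for v in values)]
    return findings

if __name__ == "__main__":
    print(*check(parse_ldif(SAMPLE)), sep="\n")
```

To run it against a real directory, pass the text of a slapcat dump to parse_ldif instead of SAMPLE; object classes outside the MUST table are simply not checked.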
kyrsjo (author), posted 26 November 2004
Hmm... For some reason I have got it to work... Put the users under (the group) cn=users,ou=People,dc=valler,dc=vgs,dc=no, and suddenly it worked... But directory administrator doesn't work very well. Does anyone know of a (very preferably web(min)-based) solution for administering users in LDAP, which also takes care of things like home directories, as well as *many* users in one go? I know skolelinux has something like that but I haven't got it to work...